fix: AWS CCM after upstream v1.29 change with temporary addresses

dkoshkin · dkoshkin · commit e00761349851 · 2024-04-26T13:21:22.000-07:00
diff --git a/charts/cluster-api-runtime-extensions-nutanix/templates/ccm/aws/manifests/aws-ccm-v1.27.1-configmap.yaml b/charts/cluster-api-runtime-extensions-nutanix/templates/ccm/aws/manifests/aws-ccm-v1.27.1-configmap.yaml
@@ -167,6 +167,7 @@ data:
                 cpu: 200m
             securityContext: {}
           dnsPolicy: Default
+          hostNetwork: true
           nodeSelector:
             node-role.kubernetes.io/control-plane: ""
           priorityClassName: system-node-critical
diff --git a/charts/cluster-api-runtime-extensions-nutanix/templates/ccm/aws/manifests/aws-ccm-v1.28.1-configmap.yaml b/charts/cluster-api-runtime-extensions-nutanix/templates/ccm/aws/manifests/aws-ccm-v1.28.1-configmap.yaml
@@ -167,6 +167,7 @@ data:
                 cpu: 200m
             securityContext: {}
           dnsPolicy: Default
+          hostNetwork: true
           nodeSelector:
             node-role.kubernetes.io/control-plane: ""
           priorityClassName: system-node-critical
diff --git a/charts/cluster-api-runtime-extensions-nutanix/templates/ccm/aws/manifests/aws-ccm-v1.29.2-configmap.yaml b/charts/cluster-api-runtime-extensions-nutanix/templates/ccm/aws/manifests/aws-ccm-v1.29.2-configmap.yaml
@@ -167,6 +167,7 @@ data:
                 cpu: 200m
             securityContext: {}
           dnsPolicy: Default
+          hostNetwork: true
           nodeSelector:
             node-role.kubernetes.io/control-plane: ""
           priorityClassName: system-node-critical
diff --git a/hack/addons/kustomize/aws-ccm/helm-values.yaml b/hack/addons/kustomize/aws-ccm/helm-values.yaml
@@ -0,0 +1,12 @@
+# Copyright 2024 D2iQ, Inc. All rights reserved.
+# SPDX-License-Identifier: Apache-2.0
+
+---
+# Starting in Kubernetes v1.29 the Kubelet no longer adds temporary addresses to the Node.
+# See https://github.com/kubernetes/kubernetes/pull/121028
+# This causes a deadlock with the AWS CCM and some CNI providers including Calico.
+# The Calico Pods won't start until some addresses are assigned,
+# but the AWS CCM that adds the addresses can't start until the Calico Pods are running.
+# Using hostNetworking allows the AWS CCM to start before the Calico Pods.
+# The upstream CAPA templates are also already using hostNetworking for the CCM Pods.
+hostNetworking: true
diff --git a/hack/addons/kustomize/aws-ccm/kustomization.yaml.tmpl b/hack/addons/kustomize/aws-ccm/kustomization.yaml.tmpl
@@ -12,6 +12,7 @@ helmCharts:
   repo: https://kubernetes.github.io/cloud-provider-aws
   releaseName: aws-cloud-controller-manager
   version: ${AWS_CCM_CHART_VERSION}
+  valuesFile: helm-values.yaml
   includeCRDs: true
   skipTests: true
 
diff --git a/hack/addons/update-aws-ccm.sh b/hack/addons/update-aws-ccm.sh
@@ -24,6 +24,7 @@ trap_add "rm -rf ${ASSETS_DIR}" EXIT
 
 readonly KUSTOMIZE_BASE_DIR="${SCRIPT_DIR}/kustomize/aws-ccm/"
 envsubst -no-unset <"${KUSTOMIZE_BASE_DIR}/kustomization.yaml.tmpl" >"${ASSETS_DIR}/kustomization.yaml"
+cp "${KUSTOMIZE_BASE_DIR}"/*.yaml "${ASSETS_DIR}"
 
 readonly FILE_NAME="aws-ccm-${AWS_CCM_VERSION}.yaml"
 kustomize build --enable-helm "${ASSETS_DIR}" >"${ASSETS_DIR}/${FILE_NAME}"
